Google Fonts loaded from fonts.googleapis.com

Your site loads fonts directly from Google's servers (fonts.googleapis.com). Each time a visitor loads a page, their browser sends a request — including their IP address — to Google's infrastructure in the US. Several European courts have ruled this constitutes a transfer of personal data (the visitor's IP) to a third party without adequate consent, and have fined businesses for it. Even if enforcement risk is low today, it is a straightforward fix that removes the exposure entirely. Download the font files (woff2 format) and host them on your own domain. Update your CSS to use @font-face pointing to your own files. Google Fonts has a download button, and tools like google-webfonts-helper make the process simple.

Why this matters

Several European courts have ruled this constitutes a transfer of personal data (the visitor's IP) to a third party without adequate consent, and have fined businesses for it. Even if enforcement risk is low today, it is a straightforward fix that removes the exposure entirely.

How to fix it

Download the font files (woff2 format) and host them on your own domain. Update your CSS to use @font-face pointing to your own files. Google Fonts has a download button, and tools like google-webfonts-helper make the process simple.